Direct Access 2012 -- method for disabling and re-enabling client access ?

We have a reliably functioning DA 2012 setup (which is great), but I need a way to selectively Disable and later Re-Enable DA for particular clients. We use a security group for the Computer accounts of the clients and this is referenced both by Group Policy (to assign the right settings to the DA Clients) and by the DA Server (to grant the access).

We had hoped that we could simply delete the client Computer account from the security group, but when we tried this the DA server seems to just ignore it, even after a reboot of the DA Server.

We have looked all through the settings of the DA server to see if there is a "disconnect client" option, but can't find anything (which truly amazes me!).

I have seen one blog post from Richard Hicks which recommends running some PowerShell commands (http://directaccess.richardhicks.com/2013/06/11/disconnecting-directaccess-clients-on-windows-server-2012) but after testing these it seems clear that this really only helps me in a scenario where (A) the client is offsite; and (B) I first Disable the Computer account in AD and then replicate AD.

Wondering what my options are? What do I do when we want to Disable DA for a particular client and then turn it back on again some weeks later?

March 4th, 2014 5:43pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics